containrrr / watchtower

A process for automating Docker container base image updates.
https://containrrr.dev/watchtower/
Apache License 2.0

Failed to send notification via shoutrrr, broken pipe. #784

Closed mannawar closed 3 years ago

mannawar commented 3 years ago

Hello: I have implemented watchtower on my containers to check for updates in the UI. But I am getting "Failed to send notification via shoutrrr, broken pipe".

Below is my docker-compose configuration:

  watchtower:
    container_name: watchtower
    restart: always
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_NOTIFICATIONS=email
      - WATCHTOWER_CLEANUP=TRUE
      - WATCHTOWER_MONITOR_ONLY=true
      - WATCHTOWER_NOTIFICATION_EMAIL_FROM=example@gmail.com
      - WATCHTOWER_NOTIFICATION_EMAIL_TO=mannawar.hussain@example.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.gmail.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=dbt3zrdsdd@gmail.com
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=abcdef
      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: --debug true --cleanup true portainer sails-server sails-worker redis-store postgres-adminer angular postgresql-server

networks:
  frontend:
  backend:

The error I am receiving in the watchtower logs is:

Failed to send notification via shoutrrr (url=smtp://dbt3zrdsdd%40gmail.com:example%40123@smtp.gmail.com:587/?auth=Plain&encryption=None&fromaddress=example@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on 24b93aa76b51&toaddresses=mannawar.hussain@example.com&usehtml=No):  error authenticating: write tcp 152.11.0.2:3555->62.124.30.108:554: write: broken pipe

Any thoughts on that?

github-actions[bot] commented 3 years ago

Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏

simskij commented 3 years ago

This is not the reason for the issue you're experiencing, but the true's in --debug true --cleanup true are not needed, and will add true to the list of containers that watchtower is trying to monitor.

Reg. your actual issue: have you set up an application password for your Gmail account? If not, this is likely the issue.

mannawar commented 3 years ago

The generated password to be used inside as a value of "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD" ?

mannawar commented 3 years ago

I have already set up my app password as well. The error code is as below.

Failed to send notification via shoutrrr (url=smtp://test1.alcanzar%40gmail.com:thymjtexwkwpzlda@smtp.gmail.com:587/?auth=Plain&encryption=None&fromaddress=test1.alcanzar@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on 0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No):  error authenticating: write tcp 172.22.0.1:46772->74.125.23.108:587: write: broken pipe

mannawar commented 3 years ago

I have tried with my other email options using AWS creds. Still showing the same errors. I even tried to whitelist the IP as suggested here for IPv4 only, but still the same: https://askubuntu.com/questions/146163/how-do-i-allow-all-possible-ips-for-gmail-servers-through-my-ufw-firewall

piksel commented 3 years ago

This most likely has to do with encryption being set to None here. It should default to auto. Until this is fixed, you can use:

  - WATCHTOWER_NOTIFICATIONS=shoutrrr
  - "WATCHTOWER_NOTIFICATION_URL=smtp://test1.alcanzar%40gmail.com:thymjtexwkwpzlda@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=test1.alcanzar@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on 0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No"

instead. Use the real URL from your error message, but change the encryption to Auto.

mannawar commented 3 years ago

Thanks, which URL are you talking about? Right now I am not getting any notification.

piksel commented 3 years ago

> I have already set up my app password as well. The error code is as below.
>
> Failed to send notification via shoutrrr (url=smtp://test1.alcanzar%40gmail.com:thymjtexwkwpzlda@smtp.gmail.com:587/?auth=Plain&encryption=None&fromaddress=test1.alcanzar@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on 0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No):  error authenticating: write tcp 172.22.0.1:46772->74.125.23.108:587: write: broken pipe

mannawar commented 3 years ago

I have set up my notification URL as you mentioned:

- "WATCHTOWER_NOTIFICATION_URL=smtp://test1.alcanzarsoft:cubsjkqiqjjjalrv@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=test1.alcanzarsoft@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on 0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No"

Error is as below then

time="2021-01-28T03:42:19Z" level=fatal msg="Failed to initialize Shoutrrr notifications: error initializing router services: toAddress missing from config URL\n"

When I replace the whitespace with placeholder underscores as below:

- "WATCHTOWER_NOTIFICATION_URL=smtp://test1.alcanzarsoft:cubsjkqiqjjjalrv@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=test1.alcanzarsoft@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No"

Error is as below:

Failed to send notification via shoutrrr (url=smtp://test1.alcanzarsoft:cubsjkqiqjjjalrv@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=test1.alcanzarsoft@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No):  error authenticating: write tcp 172.22.0.2:54834->74.125.24.108:587: write: broken pipe

Note: For security reasons I have changed a few digits of the app password. Please advise.

piksel commented 3 years ago

Okay, try using the Shoutrrr CLI directly to get the full error message in the console:

 docker run --rm -it containrrr/shoutrrr send -v "smtp://test1.alcanzarsoft:cubsjkqiqjjjalrv@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=test1.alcanzarsoft@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=mannawar.hussain@alcanzarsoft.com&usehtml=No" TestMessage

mannawar commented 3 years ago

This is returning again the same broken pipe as below

SHOUTRRR 2021/01/28 12:37:40 Warning: StartTLS enabled, but server did not report support for it. Connection is NOT encrypted
Error: error authenticating: write tcp 172.17.0.3:56708->74.125.68.108:587: write: broken pipe

piksel commented 3 years ago

Ehm, that's weird... Gmail's SMTP definitely responds that it supports STARTTLS:

$ nc smtp.gmail.com 587

220 smtp.gmail.com ESMTP h189sm1585451lfd.201 - gsmtp
HELO localhost
250 smtp.gmail.com at your service
EHLO localhost
250-smtp.gmail.com at your service, [92.34.182.128]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8

Try using port 465 instead, that one uses implicit TLS.

Update: I tried it using my own gmail account with app password:

Port 587 with StartTLS

```
$ docker run --rm -it containrrr/shoutrrr send -v "smtp://***:***@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=***@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=***@gmail.com&usehtml=No" Test587
URLs: smtp://***:***@smtp.gmail.com:587/?auth=Plain&encryption=Auto&fromaddress=***@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=***@gmail.com&usehtml=No
Message: Test587
SHOUTRRR 2021/01/28 12:57:17 Mail successfully sent to "***@gmail.com"!
Notification sent
```

Port 465 with implicit TLS

```
$ docker run --rm -it containrrr/shoutrrr send -v "smtp://***:***@smtp.gmail.com:465/?auth=Plain&encryption=Auto&fromaddress=***@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=***@gmail.com&usehtml=No" Test465
URLs: smtp://***:***@smtp.gmail.com:465/?auth=Plain&encryption=Auto&fromaddress=***@gmail.com&fromname=Watchtower&starttls=Yes&subject=Watchtower_updates_on_0f6c1b01e2c1&toaddresses=***@gmail.com&usehtml=No
Message: Test465
SHOUTRRR 2021/01/28 12:57:39 Mail successfully sent to "***@gmail.com"!
Notification sent
```

mannawar commented 3 years ago

Thanks. Finally it is sending notifications through port 465. But when I do nc smtp.gmail.com 587, my terminal gives 220 smtp.gmail.com ESMTP 206sm6005885pfb.43 - gsmtp and suddenly closes, while when I did nc smtp.gmail.com 465, the terminal just hung up blank. Any thoughts on that?

piksel commented 3 years ago

You have to act like an SMTP client, send this:

HELO localhost
EHLO localhost

For the 465 port you have to talk TLS encrypted, that's basically not possible using netcat. It's probably possible to do using openssl if you really want to try. I would be really interested to know what the response is for your 587 though, as it kind of seems like a STRIPTLS man-in-the-middle attack...
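
Added example, not part of the original thread or of Shoutrrr's code: the check behind the warning discussed above, namely whether an EHLO reply advertises STARTTLS before any AUTH PLAIN credentials are sent. The stripped reply, the decision strings and the function names are constructed for illustration.

```python
import smtplib
import ssl

# EHLO reply quoted earlier in the thread (Gmail, port 587).
GMAIL_EHLO = """\
250-smtp.gmail.com at your service, [92.34.182.128]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
"""
# Constructed sample: the same reply with the STARTTLS keyword masked out,
# which is what a client behind a stripping middlebox would see.
STRIPPED_EHLO = GMAIL_EHLO.replace("250-STARTTLS", "250-XXXXXXXX")


def ehlo_extensions(reply: str) -> set:
    """Parse a raw EHLO reply into its upper-cased ESMTP keywords."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for ln in lines[1:]:  # first 250 line is the greeting, not an extension
        if ln[:3] == "250" and ln[3:4] in ("-", " ") and ln[4:].split():
            keywords.add(ln[4:].split()[0].upper())
    return keywords


def auth_decision(ehlo_reply: str, tls_active: bool = False) -> str:
    """Say whether credentials may be sent on this connection."""
    if tls_active:  # e.g. port 465, where TLS wraps the whole session
        return "ok"
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "upgrade"  # send STARTTLS, EHLO again, then AUTH
    return "abort"  # plaintext only: never send AUTH PLAIN here


def probe(host: str, port: int = 587, timeout: float = 10.0) -> str:
    """Live variant (needs network): same decision against a real server."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "abort"
        smtp.starttls(context=ssl.create_default_context())  # verifies cert
        return "ok"


if __name__ == "__main__":
    print(auth_decision(GMAIL_EHLO), auth_decision(STRIPPED_EHLO))
```

Running `probe("smtp.gmail.com")` from inside the affected container and from another network shows whether the missing STARTTLS line is specific to one path.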

mannawar commented 3 years ago

It is just exiting when I type nc smtp.gmail.com 587. Here is the screenshot: [image: Capture]

mannawar commented 3 years ago

@piksel I am not getting any email notification when there is a new container in the Docker Hub registry. Why?

mannawar commented 3 years ago

and my repo is private

mannawar commented 3 years ago

closing for better.

ghost commented 3 years ago

To avoid important communication getting lost in a closed issue no one monitors, I'll go ahead and lock this issue. If you want to continue the discussion, please open a new issue. Thank you! 🙏🏼